package com.aisb.core.shiro;

import com.aisb.core.util.WebUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.web.filter.AccessControlFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SessionOutFilter extends AccessControlFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object o) throws Exception {
        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        if(!SecurityUtils.getSubject().isAuthenticated()){
            if(WebUtil.isAjax(httpServletRequest)){
                httpServletResponse.setHeader("session-status", "timeout");
                httpServletResponse.getWriter().write("ajaxSessionOutajax");
            } else{
                httpServletResponse.sendRedirect("/loginout");
            }
            return false;
        }

        return true;
    }
}
